UBUNTU-CVE-2023-27585

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-27585

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-27585.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-27585

Related

Published

2023-03-14T17:15:00Z

Modified

2024-10-15T14:11:25Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

PJSIP is a free and open source multimedia communication library written in C. A buffer overflow vulnerability in versions 2.13 and prior affects applications that use PJSIP DNS resolver. It doesn't affect PJSIP users who do not utilise PJSIP DNS resolver. This vulnerability is related to CVE-2022-24793. The difference is that this issue is in parsing the query record parse_query(), while the issue in CVE-2022-24793 is in parse_rr(). A patch is available as commit d1c5e4d in the master branch. A workaround is to disable DNS resolution in PJSIP config (by setting nameserver_count to zero) or use an external resolver implementation instead.

References

Affected packages

Ubuntu:Pro:16.04:LTS / pjproject

Package

Name: pjproject
Purl: pkg:deb/ubuntu/pjproject?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.1.0.0.ast20130823-1

2.1.0.0.ast20130823-1+deb8u1build0.16.04.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / pjproject

Package

Name: pjproject
Purl: pkg:deb/ubuntu/pjproject?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.6~dfsg-2

2.7~dfsg-1

2.7.1~dfsg-1

2.7.1~dfsg-1build1

2.7.2~dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / ring

Package

Name: ring
Purl: pkg:deb/ubuntu/ring?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20180228.1.503da2b~ds1-1ubuntu0.1~esm1

Affected versions

20170803.*

20170803.2.5fcfe3f~dfsg1-1

20171024.*

20171024.1.eadbdeb~ds1-1

20171129.*

20171129.2.cf5bbff~ds1-1

20171129.2.cf5bbff~ds1-2

20180119.*

20180119.1.9e06f94~ds1-1

20180119.1.9e06f94~ds1-3

20180222.*

20180222.1.7bffde2~ds2-2

20180228.*

20180228.1.503da2b~ds1-1

20180228.1.503da2b~ds1-1build1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1",
            "binary_name": "ring"
        },
        {
            "binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1",
            "binary_name": "ring-daemon"
        },
        {
            "binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1",
            "binary_name": "ring-daemon-dbgsym"
        },
        {
            "binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1",
            "binary_name": "ring-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / ring

Package

Name: ring
Purl: pkg:deb/ubuntu/ring?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1

Affected versions

20190215.*

20190215.1.f152c98~ds1-1

20190215.1.f152c98~ds1-1build1

20190215.1.f152c98~ds1-1build2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
            "binary_name": "jami"
        },
        {
            "binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
            "binary_name": "jami-daemon"
        },
        {
            "binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
            "binary_name": "jami-daemon-dbgsym"
        },
        {
            "binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
            "binary_name": "jami-dbgsym"
        },
        {
            "binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
            "binary_name": "ring"
        },
        {
            "binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
            "binary_name": "ring-daemon"
        }
    ]
}